1. No category

Rosemount 5900 and 2410 Safety Manual for Analog Output/Relay Output

Safety Manual
00809-0400-5100, Rev AA
May 2016
Rosemount™ 5900 Radar Level Gauge and
2410 Tank Hub
Safety Manual for Use in Safety Instrumented Systems
SIL 2 Model Code Option S
Safety Manual
Contents
00809-0400-5100, Rev AA
May 2016
Contents
1Section 1: Safety Instrumented System
1.1 Safety messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.2.1 Purpose of the product . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.2.2 Assumptions and restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.3 Safety Instrumented System (SIS) certification . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.3.1 Still-pipe Array Antenna with hinged hatch . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.4 Safety-certified identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.5 Functional specification of the safety function. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.5.1 Safety architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2Section 2: Installation and Configuration
2.1 Safety messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2 Installation in SIS applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.3 Configuration in SIS applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.3.1 Analog output configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.3.2 Relay configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.4 Write protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
2.5 Site acceptance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
3Section 3: Operation and Maintenance
3.1 Safety messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
3.2 Proof test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
3.2.1 System test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
3.2.2 Check of relay output. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
3.2.3 Check of 4-20 mA output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
3.2.4 High level alarm test. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
3.3 Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
AAppendix A: Specifications and Reference Data
A.1 SIS reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
A.1.1 Failure rate data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
A.1.2 Failure values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
A.2 Product life . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
BAppendix B: Terms and Definitions
CAppendix C: Dry-run Configuration
Contents
i
Contents
May 2016
ii
Safety Manual
00809-0400-5100, Rev AA
Contents
Safety Manual
Title Page
00809-0400-5100, Rev AA
May 2016
Rosemount™ Tank Gauging
NOTICE
Read this manual before working with the product. For personal and system safety,
and for optimum product performance, make sure you thoroughly understand the
contents before installing, using, or maintaining this product.
For equipment service or support needs, contact your local Emerson Process
Management/Rosemount Tank Gauging representative.
Spare Parts
Any substitution of non-recognized spare parts may jeopardize safety. Repair, e.g.
substitution of components etc, may also jeopardize safety and is under no
circumstances allowed.
Rosemount Tank Radar AB will not take any responsibility for faults, accidents, etc
caused by non-recognized spare parts or any repair which is not made by
Rosemount Tank Radar AB.
Title Page
iii
Title Page
May 2016
iv
Safety Manual
00809-0400-5100, Rev AA
Title Page
Safety Manual
Safety Instrumented System
00809-0400-5100, Rev AA
Section 1
May 2016
Safety Instrumented System
Safety messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Safety Instrumented System (SIS) certification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Safety-certified identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Functional specification of the safety function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.1
page 1
page 2
page 3
page 4
page 5
Safety messages
Procedures and instructions in this manual may require special precautions to ensure the
safety of the personnel performing the operations. Information that raises potential safety
issues is indicated by a warning symbol ( ). Refer to the safety messages listed at the
beginning of each section before performing an operation preceded by this symbol.
Failure to follow these installation guidelines could result in death or serious
injury.
Make sure only qualified personnel perform the installation.

Use the equipment only as specified in this manual. Failure to do so may impair
the protection provided by the equipment.
Explosions could result in death or serious injury.

Verify that the operating environment of the transmitter is consistent with the
appropriate hazardous locations certifications.

Before connecting a hand held communicator in an explosive atmosphere, make
sure the instruments in the loop are installed in accordance with intrinsically safe
or non-incendive field wiring practices.

Do not remove the gauge cover in explosive atmospheres when the circuit is
alive.
Electrical shock could cause death or serious injury.


Safety Instrumented System
Use extreme caution when making contact with the leads and terminals.
1
Safety Instrumented System
00809-0400-5100, Rev AA
May 2016
1.2
Safety Manual
Introduction
The purpose of the safety manual is to document all the information, relating to the
Rosemount Tank Gauging system, which is required to enable integration into a
safety-related system, in compliance with the requirements of IEC 61508.
1.2.1
Purpose of the product
The Rosemount™ Tank Gauging Safety System is designed for high performance level
gauging in various types of storage tanks. It measures the distance to a liquid in a tank for
Safety Instrumented Systems. Two relays and one 4-20 mA analog output are available for
alarm indication and overfill and dry run risk. Non safety-related instruments such as level
transmitters, temperature sensors, remote display units, water level sensors, pressure
sensors, and other instruments can be connected.
The Rosemount Tank Gauging Safety System is intended for use as a level measurement
sensor in safety instrumented functions (SIF) designed per IEC 61511. It is comprised of the
following main elements:
Rosemount 5900
The Rosemount 5900 is a radar level gauge developed for a wide range of applications at
bulk liquid storage facilities. Different antennas can be used in order to meet the
requirements of different applications. The 2-in-1 version of the Rosemount 5900 has two
independent and galvanically isolated radar modules in the same transmitter enclosure
using a single antenna.
Rosemount 2410
The Rosemount 2410 acts as a power supply to the connected Rosemount 5900 using the
intrinsically safe Tankbus. The Rosemount 2410 provides the analog 4-20 mA outputs and
relay output and digital communication allowing connection of configuration tools or
safety control system.
1.2.2
Assumptions and restrictions
Note that the Rosemount 5900 is not safety-rated during maintenance work, configuration
changes, or other activity that affects the Safety Function. Alternative means should be
used to ensure process safety during such activities.
False echoes within the radar beam from flat obstructions with a sharp edge may lead to a
situation where the Rosemount 5900 can no longer be used for safety related functions
with the listed failure rates, Safe Failure Fraction and PFDAVG. However, reduced proof test
intervals can help to detect such unwanted causes.
2
Safety Instrumented System
Safety Manual
Safety Instrumented System
00809-0400-5100, Rev AA
1.3
May 2016
Safety Instrumented System (SIS) certification
The Rosemount Tank Gauging Safety System is designed for applications in high demand
mode operation (demand rate of 1 per week).
The Rosemount Tank Gauging Safety System is certified to:

Low and High Demand of operation

Systematic Capability: SC 3 (SIL 3 capable)

Random Capability for type B device:
-
1 in 1 SIL 2 @ HFT=0
-
2 in 1 SIL 2 @ HFT=0
Note
Refer to the 5900/2410 FMEDA report for failure rate data, assessment details, and
assumptions regarding failure rate analysis.
It is important that the Rosemount Tank Gauging Safety System is installed and used in
appropriate applications as described in relevant installation instructions. Otherwise the
required functional safety may not be maintained.
The instruments in a Rosemount Tank Gauging System must be operated within specified
environmental conditions. Operating conditions are available in the Rosemount Tank
Gauging System Data Sheet, Document No. 00813-0100-5100.
If there are any echoes measured by the Rosemount 5900 which cannot be traced back to
the product surface, note if there are any objects such as beams, heating coils etc. in the
tank, that correspond to the found echoes. Appropriate action has to be taken if the
disturbing echoes affect measurement performed, please contact Emerson Process Management/Rosemount Tank Gauging for advice.
1.3.1
Still-pipe Array Antenna with hinged hatch
The Rosemount 5900 Radar Level Gauge including the SIL alarm output is not safety-rated
during maintenance work. This includes opening of the 5900 still-pipe array antenna,
hinged hatch version during for example manual gauging (hand-dip) or product sampling.
During hatch opening, system may go to de-energized state (alarm). If needed, alternative
means should be used to ensure process safety during opening of hatch.
Safety Instrumented System
3
Safety Manual
Safety Instrumented System
00809-0400-5100, Rev AA
May 2016
1.4
Safety-certified identification
All Rosemount 5900 Radar Level Gauges and Rosemount 2410 Tank Hubs must be identified
as safety-certified before installing into SIS systems. Table 1-1 lists the versions of the
Rosemount 5900/2410 Series devices that have been considered for the functional safety
assessment, to which this manual applies.

Models with the S option code are IEC 61508 certified by an accredited 3rd party
agency for use in safety instrumented systems up to SIL 2.
Table 1-1. Rosemount Tank Gauging System (4-20 mA Analog Output)
Hardware
Software/Firmware
5900 Radar Level Gauge (type B)
Model Code S
2410 Tank Hub
Model Code S
Primary Field Bus
Model Code B
Secondary Field Bus
Model Code A, B, C, D
5900 Radar Level Gauge (type B)
5900 sw 1.B5 and further
2410 Tank Hub
2410 sw 1.B1 and further
Table 1-2. Rosemount Tank Gauging System (Standard K1/K2 Relay Output)
Hardware
Software/Firmware
5900 Radar Level Gauge (type B)
Model Code S
2410 Tank Hub
Model Code S
Relay Option 1xSPST
Model Code 1
Relay Option 2xSPST
Model Code 2
5900 Radar Level Gauge (type B)
5900 sw 1.B5 and further
2410 Tank Hub
2410 sw 1.B1 and further
To identify a Rosemount 5900 and Rosemount 2410 safety-certified device:
4

Verify the option code S in the model code, on the label affixed to the outside of the
transmitter head.

Check if a yellow label is affixed to the transmitter head for option code S.

Before doing any configuration, write down the Device Id from the label, and make
sure you are connected to the correct transmitter by verifying the same Device Id
in your communication device.
Safety Instrumented System
Safety Manual
Safety Instrumented System
00809-0400-5100, Rev AA
1.5
May 2016
Functional specification of the safety function
The safety function is based on the analog output 4-20 mA or K1/K2 relay outputs.
If a measured value goes beyond the measurement range, the transmitter enters saturation
mode (limit alarm is disabled) or alarm mode, depending on the current configuration.
The Rosemount Tank Gauging Safety System provides either:

one or two relay outputs, and/or

one 4-20 mA output
and measures the distance from the Gauge reference point to the surface of a liquid in a
tank.
The Rosemount Tank Gauging Safety System contains advanced self-diagnostics; internal
monitoring features, and is programmed to go to de-energized state (alarm) upon
detection of an internal failure.
1.5.1
Safety architecture
The Rosemount Tank Gauging Safety System offers various models in order to support
different system configurations.
SIL 2 1-in-1 (1oo1D)

Single channel architecture (1oo1D) complying with SIL 2. This version includes
one 5900 Radar Level Gauge, one antenna, and one 2410 Tank Hub.
SIL 2 2-in-1 (1oo1D)

Safety Instrumented System
Single channel architecture (1oo1D) complying with SIL 2. This version includes
one “2-in-1” 5900 Radar Level Gauge, one antenna, and one 2410 Tank Hub.
5
Safety Instrumented System
May 2016
6
Safety Manual
00809-0400-5100, Rev AA
Safety Instrumented System
Safety Manual
Installation and Configuration
00809-0400-5100, Rev AA
Section 2
May 2016
Installation and Configuration
Safety messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Installation in SIS applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuration in SIS applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Write protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Site acceptance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.1
page 7
page 8
page 9
page 12
page 12
Safety messages
Procedures and instructions in this section may require special precautions to ensure the
safety of the personnel performing the operations. Information that raises potential safety
issues is indicated by a warning symbol ( ). Please refer to the following safety messages
before performing an operation preceded by this symbol.
Failure to follow these installation guidelines could result in death or serious
injury.
Make sure only qualified personnel perform the installation.
Use the equipment only as specified in this manual. Failure to do so may impair
the protection provided by the equipment.
Explosions could result in death or serious injury.


Verify that the operating environment of the transmitter is consistent with the
appropriate hazardous locations certifications.

Before connecting a hand held communicator in an explosive atmosphere, make
sure the instruments in the loop are installed in accordance with intrinsically safe
or non-incendive field wiring practices.

Do not remove the gauge cover in explosive atmospheres when the circuit is
alive.
Electrical shock could cause death or serious injury.


Use extreme caution when making contact with the leads and terminals.
Any substitution of non-recognized parts may jeopardize safety. Repair, e.g.
substitution of components etc., may also jeopardize safety and is under no
circumstances allowed.
Installation and Configuration
7
Safety Manual
Installation and Configuration
00809-0400-5100, Rev AA
May 2016
2.2
Installation in SIS applications
The Rosemount™ 5900 Radar Level Gauge and Rosemount 2410 Tank Hub should be
installed and configured as described in the reference manual. The materials must be
compatible with process conditions and process fluids. No special installation is required in
addition to the standard installation practices outlined in the reference manuals:

Rosemount 2410 Tank Hub Reference Manual
(Document No. 00809-0100-2410)

Rosemount 5900S Radar Level Gauge Reference Manual
(Document No. 00809-0100-5900)

Rosemount 5900C Radar Level Gauge Reference Manual
(Document No. 00809-0100-5901)

Rosemount Tank Gauging System Configuration Manual
(Document No. 00809-0300-5100)
Note
Installation drawings must be considered for installation of devices in a Rosemount Tank
Gauging Safety System.
Note
The Rosemount 5900 Radar Level Gauge and Rosemount 2410 Tank Hub are not
safety-rated during maintenance work, configuration changes, or other activity that affects
the Safety Function. Alternative means should be used to ensure process safety during such
activities.
8
Installation and Configuration
Safety Manual
Installation and Configuration
00809-0400-5100, Rev AA
May 2016
2.3
Configuration in SIS applications
2.3.1
Analog output configuration
Alarm and saturation levels
DCS or safety logic solver should be configured to handle both High alarm and Low alarm. It
is also required that the transmitter is configured for High or Low alarm. Figure 2-1
identifies the alarm levels available and their operation values.
Figure 2-1. Alarm Levels and Operation Values
Rosemount Alarm Level
Normal Operation
3.75 mA(1)
4 mA
20 mA
3.9 mA
low saturation
21.75 mA(2)
20.8 mA
high saturation
Namur Alarm Level
Normal Operation
3.6 mA(1)
4 mA
20 mA
3.8 mA
low saturation
1.
2.
22.5 mA(2)
20.5 mA
high saturation
Transmitter Failure, hardware or software alarm in Low position.
Transmitter Failure, hardware or software alarm in High position.
It is assumed that the current output signal is fed to a SIL 2-compliant analog input board of
a safety logic solver.
Note
Only the High or Low Alarm Mode can be used for the safety function. Do not choose Freeze
Current.
Note
A Low Alarm will be triggered in case of a hardware fault on the Analog Output card.
Installation and Configuration
9
Safety Manual
Installation and Configuration
00809-0400-5100, Rev AA
May 2016
Analog output configuration in TankMaster
To configure the 2410 Tank Hub analog output:
1.
In the WinSetup workspace click the right mouse button on the 2410 Tank Hub
icon and choose the Properties option.
2.
Select the Configuration tab.
3.
Click the Analog Output button to open the Analog Output Configuration
window(1).
4.
Check the Enable box to activate the analog output option.
5.
Configure Source Parameter, Value Range, and Alarm Mode. See Appendix C in the
Rosemount 2410 Tank Hub reference manual(2) for more information on how to
configure the analog output.
Enable
Note
In case a Proof Test Reference Reflector is used, make sure that the Value at 20 mA is set
above the position of the reflector.
1.
2.
10
Note that this button is available if the Analog Output option is activated for the 2410 Tank Hub.
Document No 00809-0100-2410
Installation and Configuration
Safety Manual
Installation and Configuration
00809-0400-5100, Rev AA
2.3.2
May 2016
Relay configuration
To configure a 2410 Tank Hub Virtual Relay:
1.
In the WinSetup workspace click the right mouse button on the 2410 icon, choose
Properties and select the Configuration tab.
2.
Click one of the Virtual Relay No. buttons. See Appendix C in the Rosemount 2410
Tank Hub reference manual(1) for more information on how to configure the relays.
Normally Open/Normally Closed
Normally Open (NO) is the default setting for the Rosemount 5900 and 2410 in Safety
Instrumented Systems. Verify the relay configuration by, for example, following the
procedure in “Verification of the relay function” on page 15.
See the Rosemount 2410 Tank Hub reference manual(1) for more information on the
Rosemount 2410 relays.
Note
In case a Proof Test Reference Reflector is used, make sure that the relay set point is set
below the position of the reflector.
1.
Document No 00809-0100-2410
Installation and Configuration
11
Safety Manual
Installation and Configuration
00809-0400-5100, Rev AA
May 2016
2.4
Write protection
A Rosemount Tank Gauging safety-certified system should always be write protected in
order to avoid unintentional configuration changes. The Rosemount 5900 Radar Level
Gauge as well as the Rosemount 2410 Tank Hub should be write protected.
It is recommended to use one of the following write protection options:

Hardware switch

Software password protected function
See the appropriate reference manuals listed in “Installation in SIS applications” on page 8
for more information on how to enable write protection.
2.5
Site acceptance
After installation and/or configuration, proper operation of the transmitter (including
verification of all configuration changes) must be verified. A site acceptance test is therefore
required. The proof test outlined in this document can be used for this.
12
Installation and Configuration
Safety Manual
Operation and Maintenance
00809-0400-5100, Rev AA
Section 3
May 2016
Operation and Maintenance
Safety messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . page 13
Proof test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . page 14
Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . page 22
3.1
Safety messages
Procedures and instructions in this section may require special precautions to ensure the
safety of the personnel performing the operations. Information that raises potential safety
issues is indicated by a warning symbol ( ). Please refer to the following safety messages
before performing an operation preceded by this symbol.
Failure to follow these installation guidelines could result in death or serious
injury.
Make sure only qualified personnel perform the installation.

Use the equipment only as specified in this manual. Failure to do so may impair
the protection provided by the equipment.
Explosions could result in death or serious injury.

Verify that the operating environment of the transmitter is consistent with the
appropriate hazardous locations certifications.

Before connecting a hand held communicator in an explosive atmosphere, make
sure the instruments in the loop are installed in accordance with intrinsically safe
or non-incendive field wiring practices.

Do not remove the gauge cover in explosive atmospheres when the circuit is
alive.
Electrical shock could cause death or serious injury.


Use extreme caution when making contact with the leads and terminals.
Any substitution of non-recognized parts may jeopardize safety. Repair, e.g.
substitution of components etc., may also jeopardize safety and is under no
circumstances allowed.
Operation and Maintenance
13
Safety Manual
Operation and Maintenance
00809-0400-5100, Rev AA
May 2016
3.2
Proof test
The Rosemount™ Tank Gauging Safety System should be checked at regular intervals in
order to detect Dangerous Undetected (DU) failures.
The test must be repeated at regular intervals. The time periods depend on the PFDavg
value. Note! Proof test for PFDavg calculations is only applicable for Low Demand mode.
The level measuring function can be verified via TankMaster WinOpi and TankMaster
WinSetup.
For information about how to verify the relay function see “Verification of the relay
function” on page 15.
Ensure that the proof test is performed with the same product type used when the tank was
configured and approved for SIL Safety Alarm operation.
One or more of the proof tests described below are recommended.
Make sure to enable write protection as soon as you are finished.
Note
The Rosemount 5900 gauge is not safety-rated during maintenance work, configuration
changes, or other activity that affects the Safety Function. Alternative means should be
used to ensure process safety during such activities.
Note
Before every test, make sure you are connected to the correct transmitter by verifying S in
the model code on the label and your software version. Also verify that the Device Id on the
label matches the one in your configuration tool.
Note
For a valid result, always perform the proof test on the product that will be stored in the
tank while the device is in operation.
3.2.1
System test
This proof test will detect approximately 99% of the DU (dangerous undetected) failures not
detected by the diagnostics in the Rosemount Tank Gauging Safety System. The test
includes testing the relay response when the product surface reaches the relay set point.
The overfill and dry-run protection function should be checked by filling and emptying the
tank in order to test the system response when the product surface reaches the relay set
points.
In case the 4-20 mA option is used, verify that the analog output current from the 2410
corresponds to the level presented in the TankMaster configuration tool.
14
Operation and Maintenance
Safety Manual
Operation and Maintenance
00809-0400-5100, Rev AA
3.2.2
May 2016
Check of relay output
By combining the two tests One-point level verification and Verification of the relay
function approximately 88% of the DU (dangerous undetected) failures will be detected.
One-point level verification
This proof test will detect approximately 73% of the dangerous undetected (DU) failures not
detected by the diagnostics in the Rosemount 5900:
1.
Compare the level presented in the TankMaster configuration tool with a second
reference such as the BPCS level sensor or a manual hand dip (see the Rosemount
5900S Reference Manual, Document No. 00809-0100-5900, for a description of how
to perform hand dipping).
2.
Verify that the relay output corresponds to the configured relay state at the current
product level.
Verification of the relay function
This proof test verifies the Safety Relay function itself, i.e. whether the Safety Relay is able to
open and close.
The test will detect approximately 18% of the dangerous undetected (DU) failures not
detected by the diagnostics in the Rosemount Tank Gauging Safety System.
To test the relay function, follow the procedure described below:
1.
In the TankMaster WinSetup workspace select the Rosemount 2410 icon.
2.
Click the right mouse button and choose Manual Control Relay.
3.
Select the virtual relay functions to be tested; Virtual Relay 1, Virtual Relay 2, etc.
Up to ten virtual relay functions can be configured for a 2410 Tank Hub. See section
“Advanced configuration in WinSetup” and “Relay output” in the Rosemount 2410
Tank Hub Reference Manual (Document No. 00809-0100-2410) for more
information.
4.
Specify a Safety Reset Time. This value specifies the time period for the relay to stay
in the test state. When the specified period of time has elapsed, the relay
automatically returns to the original state. The relay will reset even if
communication with the TankMaster PC would fail.
5.
Choose the desired Manual Relay State. Available options are Alarm, Normal, and
Toggle.
6.
Click the Set button. Now the selected relay changes state for the specified number
of seconds and then returns to the previous state.
7.
Verify the K1/K2 relay output:
a.
Verify correct Relay Status as presented in the TankMaster (WinSetup)
configuration tool.
b. Verify that the actual relay output corresponds to the relay state presented in the
TankMaster (WinSetup) configuration tool.
Operation and Maintenance
15
Operation and Maintenance
00809-0400-5100, Rev AA
May 2016
3.2.3
Safety Manual
Check of 4-20 mA output
By combining the two tests One-point level verification and 4-20 mA alarm test
approximately 84% of the DU (dangerous undetected) failures will be detected.
One-point level verification
This test will detect approximately 84% of the dangerous undetected (DU) failures not
detected by the diagnostics in the Rosemount Tank Gauging Safety System.
16
1.
Compare the level presented in the TankMaster configuration tool with a second
reference such as the BPCS level sensor or a manual hand dip (see the Rosemount
5900S Reference Manual, Document No. 00809-0100-5900, for a description of how
to perform hand dipping).
2.
Verify that the analog output current from the 2410 as presented in the
TankMaster configuration tool, corresponds to the level presented.
3.
Measure and verify the analog output current value from the 2410 to correspond
to the current value presented in the TankMaster configuration tool.
Operation and Maintenance
Safety Manual
Operation and Maintenance
00809-0400-5100, Rev AA
May 2016
4-20 mA alarm test
This test will verify that the 4-20 mA analog output responds to level measurement failure
by switching to the configured alarm mode. See “Analog output configuration” on page 9
for more information on how to configure the Analog Output. The test will detect
approximately 19% of the dangerous undetected (DU) failures not detected by the
diagnostics in the Rosemount Tank Gauging Safety System.
1.
Disable write protection in the Rosemount 2410 (see the Rosemount 2410
Reference Manual, Document No. 00809-0100-2410, for information on how to
enable/disable write protection).
2.
Set Alarm Mode=High Alarm Current.
a.
In TankMaster WinSetup, open the 2410 tank hub Properties window.
b. Select the Configuration tab and click the Analog Output button.
c.
In the Analog Output window, set Alarm Mode=High Alarm Current.
d. Click the Advanced button and check the High Alarm current value.
3.
Restart 5900 level gauge.
a.
In the WinSetup workspace, click the right mouse button on the 5900 device icon
b. Click the Restart option.
4.
Verify that the analog output, as presented in the TankMaster WinSetup
configuration tool, switches to alarm mode High. Note that the 5900 will stay in
alarm mode for about 15 seconds.
5.
Measure the analog output current from the 2410 tank hub in alarm mode High.
Verify that it corresponds to the High Alarm Current value.
See the Rosemount 2410 Reference Manual (Document No. 00809-0100-2410) for
more information on how to use the TankMaster WinSetup tool for configuration of
the Analog Output.
6.
Set Alarm Mode=Low Alarm Current.
a.
TankMaster WinSetup, open the 2410 tank hub Properties window.
b. Select the Configuration tab and click the Analog Output button.
c.
In the Analog Output window, set Alarm Mode=Low Alarm Current.
d. Click the Advanced button and check the Low Alarm current value.
Operation and Maintenance
17
Operation and Maintenance
Safety Manual
00809-0400-5100, Rev AA
May 2016
7.
Restart the 5900 level gauge.
a.
In the WinSetup workspace, click the right mouse button on the 5900 device icon
b. Click the Restart option.
8.
Verify that the analog output, as presented in the TankMaster WinSetup
configuration tool, switches to alarm mode Low. Note that the 5900 will stay in
alarm mode for about 15 seconds.
9.
Measure the analog output current from the 2410 tank hub in alarm mode Low.
Verify that it corresponds to the Low Alarm Current value.
See the Rosemount 2410 Reference Manual (Document No. 00809-0100-2410) for
more information on how to use the TankMaster WinSetup tool for configuration of
the Analog Output
18
10.
Ensure that the Alarm Mode is restored to the desired operational setting.
11.
Enable Write Protection.
Operation and Maintenance
Safety Manual
Operation and Maintenance
00809-0400-5100, Rev AA
3.2.4
May 2016
High level alarm test
Prior to running a Proof Test you will have to ensure that a Proof Test Reference Reflector is
installed and properly calibrated and configured. Ensure that High Alarm is set to an
appropriate level below the Proof Test Reference Reflector. A Reference Reflector can be
used with Parabolic and Array antennas. See the Rosemount 5900 Manual Supplement
(Document No. 00809-0200-5900) for instructions on how to install and configure a Proof
Test Reference Reflector.
This test will detect approximately 84% (4 -20 mA analog output) or 88% (relay K1 or K2) of
the dangerous undetected (DU) failures not detected by the diagnostics in the Rosemount
Tank Gauging Safety System.
To run a proof test for a Rosemount 5900 with Reference Reflector do the following:
1.
Ensure that the TankMaster WinSetup program is up and running.
Proof Test
2.
In the WinSetup workspace, click the right mouse button on the 5900 device icon
and choose the Proof Test option.
3.
The Proof Test window appears. It lets you perform various tasks such as performing
Proof tests, viewing Proof Test history, and schedule future Proof Tests.
Operation and Maintenance
19
Operation and Maintenance
00809-0400-5100, Rev AA
May 2016
1.
20
Safety Manual
4.
To perform a proof test of the Rosemount 5900 Radar Level Gauge; in the SIL Safety
Alarm (SIS) pane click the Test button to open the Level Sensor Test window:
5.
This window lets you start a Proof Test. In case the Start Proof Test button is
disabled you will have to make a calibration of the Reference Reflector before a
proof test can be performed(1).
See the Rosemount 5900 Manual Supplement Instruction for Installation, Configuration, and Operation of Proof Test Function with Reference Reflector (Document No. 00809-0200-5900) for more information.
Operation and Maintenance
Safety Manual
Operation and Maintenance
00809-0400-5100, Rev AA
6.
May 2016
The following measurement data is presented:
Parameter
Description
Level
Distance from the Zero Reference Point to the product surface or the
Reference Reflector, respectively
Ullage
Distance from the Tank Reference Point to the product surface
Distance
Distance from the Gauge Reference Point to the Reference Reflector
Amplitude
Amplitude of the radar signal reflected by the product surface or the
Reference Reflector, respectively.
7.
Specify duration of the test in the Proof Test Time field. It can be set to any value
between 30 seconds and 60 minutes. The default value is 120 seconds. Ensure that
enough time is provided for verification of relay state and 4-20 mA output as
described in steps 12 and 13 below.
8.
Enter a signature. This is for identification of the person who is responsible for the
proof test.
9.
Ensure that device status is OK.
10.
Click the Start Proof Test button to perform the test for the specified Proof Test
Time.
11.
Note the Warning that appears when starting the Proof Test. Ensure that the
necessary actions are taken in order to maintain safety during the test.
12.
Verify the K1/K2 relay output:
a.
Verify correct Relay Status and Current Source Value(1) as presented in the
TankMaster WinSetup configuration tool.
b. Verify that the actual relay state at the terminal changes to Alarm.
13.
Verify the 4 - 20 mA analog output:
a.
Verify that the analog output current from the Rosemount 2410 tank hub as
presented in the TankMaster WinSetup configuration tool(2), corresponds to the
product level, i.e. the position of the Proof Test Reflector.
b. Measure and verify that the analog output current from the 2410 corresponds to
the value presented in the TankMaster WinSetup configuration tool.
1.
2.
To open the 2410 Tank Hub Virtual Relay window; in the TankMaster WinSetup workspace right-click the Rosemount 2410 icon, choose
Properties, select the Configuration tab and click the appropriate Virtual Relay button.
To open the Analog Output window; in the TankMaster WinSetup workspace right-click the Rosemount 2410 icon, choose Properties,
select the Configuration tab and click the Analog Output button.
Operation and Maintenance
21
Operation and Maintenance
00809-0400-5100, Rev AA
May 2016
3.3
Safety Manual
14.
When the proof test is finished you will have to fill in a proof test form in order to
create a report. A report in PDF format will be created automatically and will be
available from the Proof Test History window(1).
15.
After the proof test, when the system is in normal operation, measure and verify
that the analog output current from the Rosemount 2410 corresponds to the value
presented in the TankMaster WinSetup configuration tool.
Maintenance
The proof test procedure should be carried out at regular intervals as described in “Proof
test” on page 14.
The devices in the Rosemount Tank Gauging Safety System may only be repaired or
modified by authorized personnel trained by Emerson Process Management / Rosemount
Tank Gauging.
For upgrade of firmware, use the procedure in the Rosemount 5900S Radar Level Gauge
Reference Manual (00809-0100-5900). Check release notes prior to upgrade, see the
Rosemount Tank Gauging web site www.rosemount-tg.com.
1.
22
See the Rosemount 5900 Manual Supplement Instruction for Installation, Configuration, and Operation of Proof Test Function with Reference Reflector (Document No. 00809-0200-5900) for more information.
Operation and Maintenance
Safety Manual
Specifications and Reference Data
00809-0400-5100, Rev AA
May 2016
Appendix A
Specifications and Reference
Data
SIS reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . page 23
Product life . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . page 23
For general specifications see technical documentation for
the Rosemount 5900 Radar Level Gauge and the
Rosemount 2410 Tank Hub:
•Rosemount 2410 Tank Hub Reference Manual,
Ref. no. 00809-0100-2410
•Rosemount 5900S Radar Level Gauge Reference
Manual, Ref. no. 00809-0100-5900
•Rosemount 5900C Radar Level Gauge Reference
Manual, Ref. no. 00809-0100-5901
•Rosemount Tank Gauging System Data Sheet,
Ref. no. 00813-0100-5100.
A.1 SIS reference
A.1.1 Failure rate data
The FMEDA report includes failure rates. The full report is
accessible at: EmersonProcess.com/Rosemount-safety.
A.1.2 Failure values

Self-diagnostics test interval: at least every 90 minute

Safety response time 20 seconds
A.2 Product life
50 years.
Based on worst case component wear-out mechanisms not
based on wear-out of process wetted materials.
23
Specifications and Reference Data
Safety Manual
00809-0400-5100, Rev AA
Specifications and Reference Data
May 2016
Specifications and Reference Data
24
Terms and Definitions
Safety Manual
May 2016
00809-0400-5100, Rev AA
Appendix B
Terms and Definitions
Table B-1.
Terms and Definitions
Term
Description
BPCS
Basic Process Control System
Demand rate
How often it will be required from a safety integrity system (or the
safety function) to react on inputs from process to bring it into a safe
state, i.e. to issue an alarm
FIT
Failure in Time (1 FIT = 1failure/109 h)
FMEDA
Failure Modes, Effects and Diagnostics Analysis
HFT
Hardware Fault Tolerance
High mode of operation
The safety function is only performed on demand, in order to transfer
the EUC into a specified safe state, and the frequency of demands is
greater than one per year
Low mode of operation
The safety function is only performed on demand, in order to transfer
the EUC into a specified safe state, and the frequency of demands is no
greater than one per year
Mode of operation
The way in which a safety function operates, which may be either low
mode of operation or high mode of operation
PFDavg
Average probability of Failure on Demand
PFH (average frequency of
a dangerous failure per
hour)
Average frequency of a dangerous failure of an E/E/PE safety related
system to perform the specified safety function over a given period of
time
SFF
Safe Failure Fraction summarizes the fraction of failures, which lead to
a safe state and the fraction of failures which will be detected by
diagnostic measures and lead to a defined safety action.
SIF
Safety Instrumented Function
SIL
Safety Integrity Level
SIS
Safety Instrumented System
Type B component
Complex component (using micro controllers or programmable logic)
1oo1D
Architecture consisting of a single channel with additional diagnostic
capabilities.
25
Safety Manual
00809-0400-5100, Rev AA
26
Terms and Definitions
May 2016
Terms and Definitions
Dry-run Configuration
Safety Manual
May 2016
00809-0400-5100, Rev AA
Appendix C
Dry-run Configuration
This section describes the recommended procedure to configure the Safety System for
Dry-run applications.
Prior to setting up the Safety System for Dry-run it
has to be installed and configured as a standard
Rosemount Tank Gauging system.
The Dry-run configuration aims at specifying the
Low Alarm Limit as well as optimizing the Hold Off
Distance and Amplitude Thresholds.
Amplitude
A. Amplitude threshold
B. High Alarm Limit
C. Product surface
B
The Hold Off Distance should be as large as
possible to avoid impact from noise in the upper
part of the tank.
C
A
Distance
Amplitude
A. Amplitude threshold
B. High Alarm Limit
C. Product surface
D. Minimum operation distance
D
It is recommended to use the Tank Scan(1)
function in TankMaster WinSetup for
configuration of various amplitude thresholds. By
creating an Amplitude Threshold Point (ATP)
curve, noise will be filtered out to ensure that the
product surface is detected at all times.
1. Define the Minimum Operation Distance for
the application. This is the Distance from the
bottom of the flange to the maximum filling
point of the Tank in normal operation.
C
A
B
Distance
Amplitude
D
F
A. Amplitude threshold
B. High Alarm Limit
C. Product surface
D. Minimum operation distance
E. Hold Off Distance
F. Measurement range
E
C
2. Specify a safety margin to ensure that there will
be a sufficient gap between the Hold Off
Distance and the Minimum Operation
Distance. A margin of 50 -100 mm should be
sufficient in most cases. This will make sure that
no false alarms are triggered in case of minor
measurement errors near the maximum filling
point.
3. Set the Hold Off Distance(2) equal to the
Minimum Operation Distance - safety margin.
A
B
Distance
Dry-run Configuration
27
Dry-run Configuration
Safety Manual
May 2016
00809-0400-5100, Rev AA
4. Specify and configure the Low Alarm Limit.
Amplitude
D
F
5. Ensure that the Amplitude Threshold is less than
25% of the amplitude of the Product Surface
echo. The default value is 400 mV.
G
E
C
A
B
Distance
A. Amplitude threshold
B. High Alarm Limit
C. Product surface
D. Minimum operation distance
E. Hold Off Distance
F. Measurement range
G. Low Alarm Limit
6. Check the Tank Scan window to get an overview
of how much noise that exists in the Near Zone
region, the region below the Hold Off Distance.
Amplitude
F
D
Tip! To open Tank Scan: right-click the 5900 icon
and choose Properties>Advanced
Configuration>Tank Scan.
G
H
E
C
7. Filter out noise in the Near Zone region by
adding an ATP curve in TankMaster. The ATP
should be approximately four times the
amplitude of the noise amplitude.
A
B
Distance
A. Amplitude threshold
B. High Alarm Limit
C. Product surface
D. Minimum operation distance
E. Hold Off Distance
F. Measurement range
G. Low Alarm Limit
H. Amplitude Threshold Point (ATP)
1.
2.
28
Note! The product surface should be slightly
below the Low Alarm Limit in the Tank. There
are two reasons for this:
a) calibration should be performed at this point
in the Tank to ensure highest accuracy at the
Low Alarm Limit
b) to make sure that appropriate Amplitude
Thresholds will be set based on the signal
strength at this point
8. Click the Apply button in order to download the
ATP to the Rosemount 5900 level gauge.
To open the Tank Scan window: in TankMaster WinSetup, right-click the 5900 gauge icon, choose Properties, select the Advanced Configuration tab
and click the Tank Scan button.
To set the Hold Off Distance: in TankMaster WinSetup, right-click the 5900 gauge icon, choose Properties, select the Antenna tab.
Dry-run Configuration
Safety Manual
Index
00809-0400-5100, Rev AA
May 2016
Index
Numerics
Option code S . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
4-20 mA alarm test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
P
A
Alarm levels and operation values . . . . . . . . . . . . . . . . . . 9
Alarm Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Analog Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Analog Output Configuration. . . . . . . . . . . . . . . . . . . . . 10
Proof test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Proof Test Reference Reflector . . . . . . . . . . . . . . . . 10, 11
Proof Test Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
R
High Alarm Current. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Random Capability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Reference Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Reference Reflector . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Relay configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Normally Open/Closed . . . . . . . . . . . . . . . . . . . . . . 11
Relay output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Relay Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
L
S
C
Check of relay output . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
H
Level Sensor Test window . . . . . . . . . . . . . . . . . . . . . . . . 20
Low Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Low Alarm Current . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Low Alarm Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Low/High Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
M
Manual Control Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Manual Relay State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
N
Normally Closed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Normally Open . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
O
Safety function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Safety Reset Time. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Source Parameter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Start Proof Test button . . . . . . . . . . . . . . . . . . . . . . . . . 20
System test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Systematic Capability. . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
T
Tank Hub Virtual Relay . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Test button. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
V
Value Range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Verification of the relay function . . . . . . . . . . . . . . . . . . 15
Virtual Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Operation Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
29
Index
Index
May 2016
Safety Manual
00809-0400-5100, Rev AA
Index
30
Safety Manual
00809-0400-5100, Rev AA
May 2016
Global Headquarters and Europe Regional Office
Tank Gauging
Emerson Process Management
Box 150
(Visiting address: Layoutvägen 1)
SE-435 23 Mölnlycke
+46 31 337 00 00
+46 31 25 30 22
[email protected]
North America Regional Office
Tank Gauging
Emerson Process Management
6005 Rogerdale Road
Mail Stop NC 136
Houston TX 77072
United States
+1 281 988 4000 or +1 800 722 2865
[email protected]
Latin America Regional Office
Emerson Process Management
1300 Concord Terrace, Suite 400
Sunrise, FL 33323, USA
+1 954 846 5030
+1 954 846 5121
[email protected]
Asia Pacific Regional Office
Emerson Process Management Asia Pacific Pte Ltd
1 Pandan Crescent
Singapore 128461
+65 6777 8211
+65 6777 0947
[email protected]
Middle East and Africa Regional Office
Tank Gauging
Emerson Process Management
P.O Box 20048
Manama
Bahrain
+973 1722 6610
+973 1722 7771
[email protected]
Linkedin.com/company/Emerson-Process-Management
Twitter.com/Rosemount_News
Facebook.com/Rosemount
Youtube.com/user/RosemountMeasurement
Google.com/+RosemountMeasurement
Standard Terms and Conditions of Sale can be found at:
Emerson.com/en-us/pages/Terms-of-Use.aspx
The Emerson logo is a trademark and service mark of Emerson Electric Co.
Rosemount and Rosemount logotype are trademarks of Rosemount Inc.
All other marks are the property of their respective owners.
© 2016 Emerson Process Management. All rights reserved.

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz